asp.net - Integrated Windows Authentication & SSL -


I have an administrative website on our intranet which currently supports integrated Windows authentication via IIS < uses it. We want to take this application to a public website and secure it with SSL, so that our users can access it from anywhere.

I was planning to redirect http to https to use the HTTPS module but it does not work with integrated authentication (login popup appears before redirect).

Am I stuck at the "Need SSL" checkbox in IIS?

What will you do in this situation?

This does not appear to be user-friendly because the user gets a good fat error page if they forget to use https URL. >

We had similar problems on our intranet site and integrated Windows to request your network username / password directly. Switching from authentication was finished on the site This way we can redirect them to HTTPS or other such things when authentication displays popups.

We have such a code (assuming you are using ASP.NET) which authenticates the user, and then we store the authentication status in a cookie.

  Public Static Bull AuthenticateUser (String Username, String Password) {System.DirectoryServices.DirectoryEntry _entry = New System.DirectoryServices.DirectoryEntry (ldap_path, Username, Password, System.DirectoryServices.AuthenticationTypes. Delegation); Bool _authenticated = false; Try {object_o = _entry.NativeObject; _authenticated = true; } Hold {_authenticated = false; } Finally many connections to {// server} are avoided by "permission" error _entry.Close (); _entry.Dispose (); } Return _authenticated; }  

It protects us greatly from headache and frustration by handling all certification in the application based on IIS.


Comments

Popular posts from this blog

MySql variables and php -

url rewriting - How to implement the returnurl like SO in PHP? -

Which Python client library should I use for CouchdB? -